Äike were an Estonian scooter company, which sadly went bust last year. [Rasmus Moorats] has one, and since the app and cloud service the scooter depends on have lost functionality, he decided to reverse engineer it. Along the way he achieved his goal, but found a vulnerability that unlocks all Äike scooters.

The write-up is a tale of app and Bluetooth reverse engineering, ending with the startling revelation of a hardcoded key that’s simply “ffffffffffffffff”. From that he can unlock and interact with any Äike scooter, except for a subset that were used as hire scooters and didn’t have Bluetooth. Perhaps of more legitimate use is the reverse engineering of the scooter functionality.

What do you do when you find a vulnerability in a product whose manufacturer has gone? He reported to the vendor of the IoT module inside the scooter, who responded that the key was a default value that should have been changed by the Äike developers. Good luck, should you own one of these machines.

Meanwhile, scooter hacking is very much a thing for other manufacturers too.